UK lags behind in data protection

Posted in 'Identity Theft' by Barry Stamp

04 June 2009

The UK is in danger of being left behind when it comes to protecting the personal data of its individuals and reacting when breaches do happen.

The US government has passed a new law that requires organisations who suffer data losses to inform those affected and, if it is deemed serious enough, the media. Unfortunately, there is no sign of the same level of transparency being introduced in the UK - despite personal and sensitive information continuing to be stolen or simply ‘misplaced’ on an alarmingly regular basis, and very often by public bodies.

Talks have taken place in the European Parliament over what should be done, but the only real decision taken so far is that current proposals – which cover telecoms companies - won’t be extended to cover online banking, email and other service providers.

The news that American citizens are to get better protection against personal data losses comes hot on the heels of the admission in the UK that the NHS suffered 140 breaches in the first 4 months of 2008 alone. More worrying is the revelation about the theft of discs from an RAF base in Gloucestershire in September 2008. After a ridiculous level of denials, it has now emerged that the discs contained highly sensitive information on tens of thousands of personnel, including bank details, addresses, debts and even disclosure of extra marital activities and use of prostitutes.

The loss was kept secret from the public, the Information Commissioner and even Parliament, although those affected had been contacted and advised on what action to take. It is feared that the sensitive information could be used for blackmail purposes in the wrong hands.

The biggest ever loss of personal data occurred in 2007, when more than 45 million credit card records stolen from US company TJX - a number of which belonged to UK consumers who had shopped at TK Maxx – which is owned by the US giant – prior to the theft.

Following the breach – which was carried out with worrying ease – TJX was forced to pay out almost $41 million in compensation and further to provide 454,000 consumers in the US with free credit monitoring for 3 years to protect those affected against Identity Theft. Unfortunately, UK consumers weren’t included in this offer.

The most high profile punishment to date here in the UK saw Nationwide Building Society fined almost £1 million in 2007 by the Financial Services Authority for losing a laptop containing customer details. Yet on an almost daily basis, the public sector – and in particular the NHS - loses similar data with little or no recrimination other than a slapped wrist from the Information Commissioner.

There is no legal requirement in the UK to disclose data losses and the Information Commission has relatively little power when it comes to punishing organisations (especially non-commercial organisations). Because of this, and with the recession contributing to a 40% increase in identity theft as criminals target credit worthy individuals to defraud, it seems that further data breaches are inevitable. Whether they are actually disclosed is another matter.

Until such time as the UK or Europe take steps to help protect against data losses and, just as importantly, take appropriate steps to alert those affected and advise them on what to do, it’s down to us as individuals to make sure we’re as protected as possible against identity fraud.

Careful monitoring of your credit file is an excellent tool in the battle. You can keep an eye on all three credit reference agency files each month for just £17.55 per quarter with checkmyfile – the cheapest service in the UK. And if that’s too expensive for you, you can monitor just one credit reference agency for as little as £4.85 per month. That’s a small price to pay for peace of mind.

Click here to start monitoring your credit files today.